A C++/Asm template for PIC/EXE/DLL malware
☆24Aug 12, 2025Updated 8 months ago
Alternatives and similar repositories for Imperium
Users that are interested in Imperium are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- .NET port of Leron Gray's azbelt tool.☆26Sep 21, 2023Updated 2 years ago
- Modular Shellcode Loader in C++☆10Apr 14, 2026Updated 2 weeks ago
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to…☆44Nov 4, 2025Updated 6 months ago
- Extra cmdlets to help with quering security related information from Azure☆15Sep 16, 2024Updated last year
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.☆82Jul 25, 2025Updated 9 months ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- Command Augmentation support for BOFs and .NET assemblies across agents☆43Mar 17, 2026Updated last month
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆17Jul 22, 2022Updated 3 years ago
- Executes Read/Write process memory with `NtQueryCompositionSurfaceStatistics`☆23Feb 10, 2024Updated 2 years ago
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer☆18Mar 4, 2023Updated 3 years ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆139Aug 31, 2025Updated 8 months ago
- A pure C version of SymProcAddress☆30Mar 17, 2024Updated 2 years ago
- Repository to gather the .NET malware I will be developing☆18Mar 7, 2026Updated last month
- ☆59Feb 19, 2026Updated 2 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Aug 13, 2024Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- shell code example☆68Dec 12, 2025Updated 4 months ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 8 months ago
- Finding Truth in the Shadows☆127Jan 26, 2023Updated 3 years ago
- Local SYSTEM auth trigger for relaying - X☆155Jul 23, 2025Updated 9 months ago
- ☆24Sep 6, 2025Updated 7 months ago
- Load various payload (DLL from memory, Exe, etc...) in a way to evade static analysis of Antivirus. It can fetch data from various method…☆22Apr 18, 2026Updated 2 weeks ago
- A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…☆61Mar 17, 2025Updated last year
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆19Apr 24, 2023Updated 3 years ago
- Malware?☆76Oct 26, 2025Updated 6 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A Windows PE loader / manual mapper for executables (x86 and x64) with full TLS (Thread Local Storage) support.☆94Oct 27, 2025Updated 6 months ago
- A hacky way of getting cross-arch/platform support in Cobalt Strike☆38Aug 31, 2025Updated 8 months ago
- Mass target enumeration☆32Apr 3, 2021Updated 5 years ago
- A dotnet executable to get an Entra token in an authenticated runtime☆17Oct 30, 2024Updated last year
- A simple parser(library) which extracts shimcache data from windows.☆16May 20, 2019Updated 6 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Sep 15, 2023Updated 2 years ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆108Feb 25, 2025Updated last year
- Reports on Driver, LSASS and other security services mitigations☆34Aug 18, 2025Updated 8 months ago
- WinXPSP2.Cermalus on stereoids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs☆18Aug 11, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Encodes a payload within a generated mock-CSS file☆59Sep 18, 2023Updated 2 years ago
- Collection of red team techniques.☆70Apr 25, 2025Updated last year
- One-header configurable C++20 COFF loader☆20Jul 21, 2025Updated 9 months ago
- ForsHops☆60Mar 25, 2025Updated last year
- Proxy function calls through the thread pool with ease☆31Feb 27, 2025Updated last year
- ☆43Feb 18, 2025Updated last year
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆43Mar 3, 2026Updated 2 months ago